Whenever a user visits an AI chatbot website, these extensions quietly run background scripts that capture and transmit the full conversation. The scale of the issue is particularly alarming because millions of people have installed these tools.
Most users already assume that AI companies themselves may review chatbot interactions, even if the data is anonymized. What many do not expect is that unrelated third-party services might also be gathering this information for analysis or other undisclosed purposes.
Koi co-founder and CTO Idan Dardikman became concerned after engaging in a deeply personal conversation with a chatbot. This prompted the company to deploy Wings, its agentic AI risk-scanning system, to search for browser extensions capable of accessing and exporting chatbot conversations.
“We assumed we’d uncover a few obscure add-ons with low download numbers and questionable origins,” Dardikman explained. “Instead, the results were far more troubling.”
One extension in particular drew attention: Urban VPN Proxy. It had accumulated more than seven million installs across Chrome and Microsoft Edge and was designed to monitor conversations on ten major AI platforms, including ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok (xAI), and Meta AI.
According to Dardikman, the extension contains platform-specific scripts built specifically to intercept and record chat data. This collection process is enabled automatically through hardcoded settings, offering users no option to disable it. The only way to stop the data capture is to remove the extension entirely.
While Urban VPN Proxy’s privacy policy does mention the collection of AI chat data, Koi notes that most users are unlikely to read those disclosures. Meanwhile, the extension’s store listing claimed that user data was not sold to third parties beyond “approved use cases,” a phrase that links to Chrome Web Store policies restricting browsing data collection unless it directly supports a clearly stated user feature.
Koi also identified similar behavior in other extensions, including 1ClickVPN Proxy, Urban Browser Guard, and Urban Ad Blocker. Although these had fewer downloads, 1ClickVPN Proxy alone exceeded 600,000 installs. Combined, these extensions reached more than eight million users across Chrome and Edge.
All of the flagged extensions have since been removed from the Chrome Web Store. However, they are still available in the Microsoft Edge Add-ons store, where 1ClickVPN Proxy is even labeled as “Featured,” a designation intended to highlight extensions meeting high standards for quality and security. Urban VPN Proxy previously held the same status on Chrome.
“That designation implies a manual review,” Dardikman said. “Either the review process missed code that siphons conversations from Google’s own AI service, or it identified it and decided it wasn’t an issue.”
Koi strongly advises users to immediately uninstall any of the affected extensions. The firm warns that AI conversations dating back to July 2025 should be considered compromised and potentially shared with third parties.
Newer Articles
- Google’s Search Bar Just Got Smarter
- Apple Marks Original iPhone SE as Obsolete, Ending Repairs
- Samsung has unveiled its newest take on mobile design - and it’s a bold one.
